{"id":148,"date":"2019-04-02T09:53:46","date_gmt":"2019-04-02T07:53:46","guid":{"rendered":"https:\/\/192.168.10.2\/blog\/?p=148"},"modified":"2024-10-11T09:58:10","modified_gmt":"2024-10-11T07:58:10","slug":"cyber-gru-v-october-2018","status":"publish","type":"post","link":"https:\/\/lab52.io\/blog\/cyber-gru-v-october-2018\/","title":{"rendered":"(Cyber) GRU (V): October 2018"},"content":{"rendered":"\n<p>If 2018 was already a bad year for the GRU, on <strong>October 4th<\/strong>,\n several Western countries dealt the Service a final blow by \npublishing information about its operations and agents: the \nNetherlands, the United Kingdom, Canada and the United States \u2013 and \nAustralia and New Zealand, as is normal, immediately supported their \nallies. In short: Holland and FVEY finish off the <em>annus horribilis<\/em>&nbsp;of the Service, as we will see in this post.<\/p>\n\n\n\n<p><strong>Holland<\/strong><\/p>\n\n\n\n<p>On October 4th, the Dutch military intelligence service, the MIVD (<em>Militaire Inlichtingen- en Veiligheidsdienst<\/em>),\n presented at a press conference ([1]) the operation carried out in \nApril in which four GRU members were identified and expelled from the \ncountry on charges of attacking the Organization for the Prohibition of \nChemical Weapons (OPCW); as the US Department of Justice did in July, it\n provides a wealth of detail about the identities, techniques, security \nmeasures, objectives \u2026 of GRU agents operating on Dutch soil with \ndiplomatic passports. 
According to this information, four agents of the \nService (two assigned to Unit 26165, Aleksei SERGEYEVICH MORENETS and \nEvgenii MIKHAYLOVICH SEREBRIAKOV, and two possibly assigned to Unit \n22177, Alexey VALEREVICH MININ and Oleg MIKHAYLOVICH SOTNIKOV) land in \nthe Netherlands on April 10 and are received by staff from the Russian \nEmbassy in the country; they rent a car and carry out a close access \noperation to try to compromise the security of the OPCW. They are \nidentified, their cash and technical equipment are seized (the equipment, which \nincludes devices to attack wireless networks, is of course analyzed in detail and \nreveals data from other operations), and they are escorted to an \nAeroflot plane that returns them to Russia. In the face of the serious Dutch\n accusations, Russia maintains that its agents simply conducted a security\n inspection at the country\u2019s embassy in the Netherlands.<\/p>\n\n\n\n<p><strong>UK<\/strong><\/p>\n\n\n\n<p>The NCSC (<em>National Cyber Security Center<\/em>), part of the \nBritish GCHQ, on October 4th also deals a new and hard blow to the GRU \n[2]: as we have said before, it accuses the Russian service, directly \nand openly, of various cyber-attacks, including against the anti-doping \nagency WADA or the US DNC. Without the display of evidence offered by the \nDutch, the British accuse the GRU \u2013 and identify it directly with APT28 \u2013\n of attacks against the International Anti-Doping Agency (WADA), the \nDNC, critical infrastructure in Ukraine or the Organization for the \nProhibition of Chemical Weapons (OPCW). 
In all cases it explicitly states \n\u201cNCSC assess with high confidence that the GRU was almost certainly \nresponsible\u201d: this high level of confidence in its statements leads \nthe British government to directly accuse the Kremlin of these attacks; \nit further indicates that the NCSC will continue to work with its allies\n to bring the GRU\u2019s activities and methods to light (a particularly \nsignificant phrase).<\/p>\n\n\n\n<p><strong>USA<\/strong><\/p>\n\n\n\n<p>That same day the Department of Justice published a new accusation \nagainst GRU agents. On this occasion, seven agents of the Service were \nidentified: four of them had been expelled from Holland in April and the \nremaining three had been identified in July by the same Department. The \nfollowing table summarizes these identities:<\/p>\n\n\n\n<table class=\"wp-block-table\"><tbody><tr><td><strong>Unit<\/strong><\/td><td><strong>Name<\/strong><\/td><td><strong>Job<\/strong><\/td><td><strong>Position<\/strong><\/td><td><strong>Aliases<\/strong><\/td><td><strong>Previous accusations<\/strong><\/td><\/tr><tr><td><strong>26165<\/strong><\/td><td>Aleksei SERGEYEVICH MORENETS<\/td><td>Lexa<\/td><\/tr><tr><td><strong>26165<\/strong><\/td><td>Evgenii MIKHAYLOVICH SEREBRIAKOV<\/td><td>Zhenya<\/td><\/tr><tr><td><strong>26165<\/strong><\/td><td>Artem ANDREYEVICH MALYSHEV<\/td><td>Lieutenant<\/td><td>djangomagicdev<br>\nrealblatr<\/td><td>DNC<\/td><\/tr><tr><td><strong>26165<\/strong><\/td><td>Ivan SERGEYEVICH YERMAKOV<\/td><td>Kate S. Milton<br>\nJames McMorgans<br>\nKaren W. 
Millen<\/td><td>DNC<\/td><\/tr><tr><td><strong>26165<\/strong><\/td><td>Dimitry SERGEYEVICH BADIN<\/td><td>Assistant Head of Department<\/td><td>DNC<\/td><\/tr><tr><td><strong>22177<\/strong><\/td><td>Alexey VALEREVICH MININ<\/td><\/tr><tr><td><strong>22177?<\/strong><\/td><td>Oleg MIKHAYLOVICH SOTNIKOV<\/td><\/tr><\/tbody><\/table>\n\n\n\n<p>The Department of Justice accuses ([3]) all of them of attacks \nagainst companies such as Westinghouse Electric Company as well as anti-doping\n organizations such as WADA, of which we have already spoken, the USADA \n(US Anti-Doping Agency) or the CCES (Canadian Center for Ethics in \nSport), among others. In particular, and hence the arrest \nwarrant issued by the FBI shown in the image, the GRU apparently focused\n on attacking this type of organization linked to sport, perhaps as a \nresult of the accusations against Russia of systematic doping of its \nathletes and its impact on the Rio de Janeiro Olympics in 2016.<\/p>\n\n\n\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"321\" height=\"415\" src=\"https:\/\/lab52.es\/blog\/wp-content\/uploads\/2019\/04\/dump_1-2.gif\" alt=\"\" class=\"wp-image-243\"\/><\/figure><\/div>\n\n\n\n<p style=\"font-size:15px;text-align:center\"><em>Wanted poster published by the FBI (October 2018)<\/em><\/p>\n\n\n\n<p><strong>Canada<\/strong><\/p>\n\n\n\n<p>Finally, on the same day, Canada also joined the official accusations\n against the GRU by publicly stating ([4]), albeit more succinctly\n than the rest of the countries, that the Russian Service, again \nidentified with APT28, attacked WADA \u2013 headquartered in Canada \u2013 and the\n Canadian Center for Ethics in Sport; it also blames the GRU for the \nattacks on the OPCW in the Netherlands, thus supporting its allies. All \nthis, as in previous cases, with high confidence. 
For this reason, the \nCanadian government considers the Russian government directly \nresponsible for a violation of international laws and established norms.<\/p>\n\n\n\n<p><strong>References<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>[1] Ministry of Defence of the Netherlands. <em>GRU close access cyber operation against OPCW<\/em>. October 2018. <a href=\"https:\/\/english.defensie.nl\/binaries\/defence\/documents\/publications\/2018\/10\/04\/gru-close-access-cyber-operation-against-opcw\/ppt+pressconference+ENGLISH+DEF.pdf\"><em>https:\/\/english.defensie.nl\/binaries\/defence\/documents\/publications\/2018\/10\/04\/gru-close-access-cyber-operation-against-opcw\/ppt+pressconference+ENGLISH+DEF.pdf<\/em><\/a><\/li><li>[2] NCSC. October 2018. <a href=\"https:\/\/www.ncsc.gov.uk\/news\/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed\">https:\/\/www.ncsc.gov.uk\/news\/reckless-campaign-cyber-attacks-russian-military-intelligence-service-exposed<\/a><\/li><li>[3]&nbsp;DoJ. <em>U.S. Charges Russian GRU Officers with International Hacking and Related Influence and Disinformation Operations<\/em>. October 2018. <a href=\"https:\/\/www.justice.gov\/opa\/pr\/us-charges-russian-gru-officers-international-hacking-and-related-influence-and\">https:\/\/www.justice.gov\/opa\/pr\/us-charges-russian-gru-officers-international-hacking-and-related-influence-and<\/a><\/li><li>[4] Government of Canada. <em>Canada identifies malicious cyber-activity by Russia.<\/em> October 2018. 
<a href=\"https:\/\/www.canada.ca\/en\/global-affairs\/news\/2018\/10\/canada-identifies-malicious-cyber-activity-by-russia.html\">https:\/\/www.canada.ca\/en\/global-affairs\/news\/2018\/10\/canada-identifies-malicious-cyber-activity-by-russia.html<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>If 2018 was already a bad year for the GRU, on October 4th, different Western countries gave the final touch to the Service by publishing information about their operations and agents: it is the Netherlands, the United Kingdom, Canada and the United States \u2013 and immediately Australia and New Zealand, as is normal, supported their [&hellip;]<\/p>\n","protected":false},"author":17,"featured_media":243,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-148","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-uncategorised","8":"entry"},"featured_image_src":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/dump_1-2-321x400.gif","featured_image_src_square":"https:\/\/lab52.io\/blog\/wp-content\/uploads\/2019\/04\/dump_1-2.gif","author_info":{"display_name":"BigBoss","author_link":"https:\/\/lab52.io\/blog\/author\/bigboss\/"},"_links":{"self":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/148"}],"collection":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/comments?post=148"}],"version-hist
ory":[{"count":5,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/148\/revisions"}],"predecessor-version":[{"id":337,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/posts\/148\/revisions\/337"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media\/243"}],"wp:attachment":[{"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/media?parent=148"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/categories?post=148"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab52.io\/blog\/wp-json\/wp\/v2\/tags?post=148"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}